Rule-Update prompts for password


Samson H

May 22, 2014, 6:01:37 PM
to securit...@googlegroups.com
Greetings,

I just set my sensors and master server up and half of them prompt me for a password before pulling down each and every file when I run "rule-update".

I can however do a "salt '*' test.ping" and get a "True" response back from ALL of my sensors when running from the master server (not sure if this proves anything to be honest).

Would anyone know why the "rule-update" script keeps prompting me for a password on only half of my sensors and not the other half?

Doug Burks

May 26, 2014, 6:44:23 AM
to securit...@googlegroups.com
Hi Samson,

To clarify, if you've enabled salt on all machines in your deployment,
then salt should have disabled the rule-update cron job in favor of
its own method of distributing rules to the sensors. However, if you
manually run rule-update and get prompted for the password then that
may be indicative of other problems, so let's go ahead and
troubleshoot.

rule-update uses scp to copy files from the master to the sensor. To
do that, it authenticates using the username and ssh key stored in
/root/.ssh/ on the sensor. This would be the username that you
entered during Setup on the sensor that it used to connect to the
server.

Are you able to manually ssh from the sensor to the server using that
username and its password?

Are you able to ssh using that username and the ssh key in /root/.ssh/?



--
Doug Burks
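
The two checks asked about above can be run so that a password fallback cannot hide a key problem. This is an added example, not part of the original thread or of the rule-update script; the function names are hypothetical, and the key file and user@server are supplied by the caller.

```shell
#!/bin/sh
# Added example: find out why ssh/scp from a sensor falls back to a password prompt.
# Function names are hypothetical; the key path and user@server are caller-supplied.

# List private keys in directory $1 that group/other can access.
# OpenSSH refuses to use such a key and moves on to the next auth method.
loose_keys() {
    find "$1" -maxdepth 1 -type f -perm /077 2>/dev/null | sort |
    while IFS= read -r f; do
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            printf '%s\n' "$f"
        fi
    done
}

# Succeeds only if the key can be loaded with an empty passphrase.
key_unencrypted() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Key-only login attempt. BatchMode=yes makes ssh fail rather than prompt,
# so a password fallback cannot mask a key problem.
key_auth_ok() {
    ssh -i "$1" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o PreferredAuthentications=publickey -o ConnectTimeout=5 "$2" true
}

diagnose() {
    key=$1 target=$2
    bad=$(loose_keys "$(dirname "$key")")
    if [ -n "$bad" ]; then
        echo "FAIL: private key accessible to group/other, ssh will skip it:"
        echo "$bad"
        return 1
    fi
    if ! key_unencrypted "$key"; then
        echo "FAIL: $key needs a passphrase, so an unattended scp will prompt"
        return 2
    fi
    if ! key_auth_ok "$key" "$target"; then
        echo "FAIL: key-only login failed (key not accepted or server unreachable)"
        return 3
    fi
    echo "OK: key-only login works, scp should not prompt"
}

# Usage: sh check.sh /root/.ssh/<keyfile> <user>@<server>
if [ "$#" -ge 2 ]; then
    diagnose "$1" "$2"
fi
```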

Samson H

May 28, 2014, 11:47:48 AM
to securit...@googlegroups.com
Unfortunately network issues are preventing me from taking the steps to troubleshoot any further...
So it would appear that a simple "no" would answer each of your questions...haha
I'm going to attempt to re-setup my master server virtual machine and I will see where that gets me.
Side question: Are there any known conflicts if my master server has the latest operating system updates, but my sensor's operating system updates vary?

Doug Burks

May 28, 2014, 10:31:29 PM
to securit...@googlegroups.com
Replies inline.

On Wed, May 28, 2014 at 11:47 AM, Samson H <this.is...@gmail.com> wrote:
> Unfortunately network issues are preventing me from taking the steps to troubleshoot any further...

If you're having network issues, could that be the cause of your issue
that started this thread?

> So it would appear that a simple "no" would answer each of your questions...haha
> I'm going to attempt to re-setup my master server virtual machine and I will see where that gets me.

You'll need to resolve your network issues before reconfiguring your boxes.

> Side question: Are there any known conflicts if my master server has the latest operating system updates, but my sensor's operating system updates vary?

That's not something that we test or support. We recommend all boxes
have the same updates applied.



--
Doug Burks

Samson H

May 29, 2014, 9:30:37 AM
to securit...@googlegroups.com

-If you're having network issues, could that be the cause of your issue that started this thread?

I don't believe so, it seems to me like the issue lies within my ssh configuration. Are there any specific outputs I can submit with a working sensor and non-working sensor that might show if the issue lies within ssh?

-You'll need to resolve your network issues before reconfiguring your boxes.

The networking issue seems to be resolved at this point.

-That's not something that we test or support. We recommend all boxes have the same updates applied.

Okay, I will watch to make sure they are all using the same versions a little more closely.

Doug Burks

May 29, 2014, 9:32:49 AM
to securit...@googlegroups.com
On Thu, May 29, 2014 at 9:30 AM, Samson H <this.is...@gmail.com> wrote:
> -If you're having network issues, could that be the cause of your issue that started this thread?
>
> I don't believe so, it seems to me like the issue lies within my ssh configuration. Are there any specific outputs I can submit with a working sensor and non-working sensor that might show if the issue lies within ssh?

Please see the questions I asked earlier in this thread:

Are you able to manually ssh from the sensor to the server using that
username and its password?

Are you able to ssh using that username and the ssh key in /root/.ssh/?


--
Doug Burks

Samson H

Jun 2, 2014, 2:07:12 PM
to securit...@googlegroups.com
-Are you able to manually ssh from the sensor to the server using that
username and its password?

It was prompting me for the password when I would try to manually ssh from the sensor to the server

-Are you able to ssh using that username and the ssh key in /root/.ssh/?

I am but it was requiring a password. I ended up re-running setup on the 5 sensors that were not functioning properly. They all can get the rule-update without the password prompt now.
